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Abstract 

The CLP scheme uses Horn clauses and SLD resolution to generate mul- 
tiple constraint satisfaction problems (csps). The possible CSPs include 
rational trees (giving Prolog) and numerical algorithms for solving linear 
equations and linear programs (giving CLp(r)). In this paper we develop 
a form of CSP for interval constraints. In this way one obtains a logic se- 
mantics for the efficient floating-point hardware that is available on most 
computers. 

The need for the method arises because in the practice of scheduling 
and engineering design it is not enough to solve a single CSP. Ideally one 
should be able to consider thousands of CSPs and efficiently solve them or 
show them to be unsolvable. This is what CLp/ncsp, the new subscheme 
of CLP described in this paper is designed to do. 

1 Introduction 

Floating-point arithmetic is marvelously cheap, and it works most of the 
time. Many textbooks on numerical analysis contain examples of how 
spectacularly, or insidiously, it can go wrong when it does not work. It 
would seem that in a mature computing technology there is only place 
for reliable techniques. Yet floating-point arithmetic is not to be lightly 
dismissed: it is one of the main beneficiaries of the enormous increase in 
processor performance of the last few decades. In combination with the 
insatiable demand for more computationally intensive mathematical mod- 
eling, this gives every motivation to use interval arithmetic [21] as a way 
to safely use the dangerous technology that is floating-point arithmetic. 

Interval arithmetic ensures that, in spite of the errors inherent in 
floating-point arithmetic, a computation can be interpreted as a proof 
that the real-valued result is contained in the (interval) result of the com- 
putation. However, the correctness provided by interval arithmetic is 
limited to the evaluation of a single expression; it does not extend to the 
algorithm in which such evaluations take place. To ensure correctness of 
the way an algorithm combines expression evaluations one could of course 



use verification methods for imperative programs, such as Floyd's asser- 
tions. In this paper we consider the alternative of replacing the algorithms 
by logic programs, thus allowing programs to be read as specifications. 

Logic programming is more than just an alternative to Floyd's asser- 
tions. The logic framework suggests a relational form for interval compu- 
tation. Such a relational form is provided by interval constraints [7||B], 
an improvement to interval arithmetic itself. Incorporating interval con- 
straints into logic programming has the added advantage that the result 
goes beyond the constraint processing paradigm by yielding programs that 
generate multiple constraint satisfaction problems in addition to solving 
them. In scheduling and in engineering design it is typically the case that 
one has an entire search space of such problems. CLp/ncsp, the integrated 
system described in this paper, generates such search spaces. Solving is 
not only used for obtaining results, but also for pruning the search spaces 
by inducing early failure. 

In Section [4] we start at the logic end with a review of the CLP scheme 
[171118] . We use Clark's method [pj for the semantics of logic programming 
schemes. As this method uses a mild form of algebraic logic, it needs 
some introduction; this happens in Section [3] In Section [5] we start at 
the opposite end with a suitably modified version of the main features 
of the Constraint Processing framework (csp). To bring together the two 
established constraint approaches of the literature we develop in Section[6] 
what we call here the DC subscheme of the CLP scheme. The integration 
of interval constraints (reviewed in Section [7} into logic programming is 
described in Section [8] 

2 Related work 

The pioneering work in constraint logic programming is [TS] , implemented 
as chip |13j . Prolog has SLD resolution as sole inference rule; [15] added 
Forward Checking, Look-Ahead, and Partial Look-Ahead as additional 
inference rules, to be applied to goals, depending how they are declared. 

CHIP was restricted to finite domains, ichip 20 proposed extending 
chip to include floating-point intervals as domains for real-valued vari- 
ables. Descendants of chip such as the Eclipse system (see [J] for a 
recent description), implemented floating-point intervals. 

The earliest design for integrating interval arithmetic into Prolog is 
Cleary's [TO], which served as basis for bnr- Prolog JS][7]. Cleary's proposal 
of a "logical arithmetic" for Prolog described an implementation, but not 
a logical semantics. His paper and [12] are the first to describe relational, 
rather than functional, interval arithmetic. It remains to be seen whether 
the mathematical model given by Older and Vellino [22] can be connected 
to logic, bnr Prolog and Prolog IV [11] are mentioned here because of 
their connection with Prolog, but not because of connection with logic 
programming. 

The CLP scheme [17] gives a logical semantics that combines pure Pro- 
log with constraint solving. This scheme supersedes chip and its descen- 
dants as it is both simpler and more general. 

The CLP scheme served as the basis for the CLp(r) system [TS]. It 
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uses the scheme to generate answers to numerical problems in the form of 
"active constraints" . In the derivation of these, floating-point arithmetic 
is used without due precaution, so that the validity of answers is lost 
through rounding errors. 

In [23] it was shown that the CLP scheme is general enough to ac- 
commodate both interval and finite-domain constraints. It does this by 
introducing "value constraints" without suggesting any way of interfacing 
these with intervals. This is done in this paper by means by means of 
CLp/dc, the DC subscheme of the CLP scheme. In this way we obtain 
CLP/NCSP, the first logic programming language (as distinct from exten- 
sion of Prolog) with real variables in which only the precision, but not the 
validity, of answers is affected by rounding errors. 

3 Logic Preliminaries 
3.1 Relations 

Relations play a central role in the integration of interval constraints into 
logic programming: both constraints and the meanings of logic predicates 
are relations. Here we do not attempt to define relations as generally as 
possible: we only strive for adequacy for the purpose of this paper. For a 
more drastic generalization of the usual notion of relation, see [24] . 

As usually defined, a relation is a subset of a Cartesian product Si x 
■ • ■ x St. That is, it consists of tuples (ai, . . . ,dk) with ai £ Si for i — 
1, . . . , k. Such tuples are indexed by the integers 1, . . . , k. In the following 
we will need such relations, as for example the ternary relation sum = 
{(x, y, z) £ TZ 3 | x + y = z}, indexed by the set {1, 2, 3}. 

But we will also need relations consisting of tuples indexed by variables 
instead of integers. For example, the constraint written as sum(i2, x%,xi) 
is intended to be a relation distinct for the sum relation just mentioned. 
As another example, sum(i2, x%, xi) A sum(i3, x&, xi) is intended to be a 
relation. If so, which set of tuples? How indexed? 

In this section we introduce the suitable type of relation; in Section [3^4l 
we define how they arise as meaning of the constraint expressions just 
shown. 

Definition 1 Given a set X = {x±, . . . , xn} of variables, a relation p C 
Si X • • • X S n consisting of tuples indexed by {1, . . . , n} and a sequence 
(vi, . . . , v n ) of variables (not necessarily distinct), the relation p on v is 
the set of tuples r indexed by the set of the k < n variables in v such that 
r(vi) — U for a tuple t £ p, for all i = 1, . . . , n. 

Example 1 Let p be the ternary sum relation over the set Af of natural 

numbers, X = {aii, , Kioo}; an d v = (x2,X2,xi). Then we have as 

example of a tuple t in the relation p on v: 



t(vi) 
t(v 2 ) 
r(v 3 ) 



t(x2) = tl 

r(x 2 ) = ta 
r(xi) = t-i 
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Table 1: On the left, tabular form of the relation sum on (x2,X2,xi,) where 
sum = {(x, y, z) 6 1Z 3 | x + y = z}. On the right, tabular form of pi IX p2 from 
Example [U 



For such ar to exist, only tuples t £ p qualify where the first two elements 
are equal to each other, r consists of tuples indexed by the set {xi, X2}. 
The tabular form of r is as shown in Table QJ 

Definition 2 Let pi (p-z) be a relation in which the tuples are indexed by 
a set Xi (X2 ) of variables. The join of pi and pi is written as pi N p2 and 
is defined as the relation in which the tuples r are indexed by Xi U X2 and 
are such that there exists, for each tuple r £ (pi IX P2), tuples n £ pi and 
T2 £ p2 exist such that t(x) = ti(x) if x £ Xi and t(x) — T2(x) if x £ X2. 
(Note that this implies that n and T2 have to be such that Ti(x) = T2(x) 
for all x such that x £ XI n X2.) 

Example 2 Let p be the ternary sum relation over the set J\f of natural 
numbers, X = {xi, . . . , 2:100}, Vl = {X2, X2,xi) , and V2 = (X3, X4,,xi). Let 
pi be p on vi and p2 be p on V2. Then pi N p2 is a relation of which 
some tuples are shown in Table\l\ 

3.2 Language 

The vocabulary of logic is formalized as a signature E = (P, F,V), a tuple 
of disjoint, countably infinite, sets of predicates, functors, and variables. 
P is partitioned according to whether it may occur in a constraint or in 
a program. Thus we have "constraint predicates" and "program predi- 
cates". The constraint predicates include the miliary true and false and 
the binary =. 

A term is a variable or an expression of the form f(to, . . . , ifc-i), where 
/ £ F and to, ... , tk-i are terms. If k — 0, then the term is a constant. 

An atom (or atomic formula) is an expression of the form p(to, • • • , tk— 1), 
where p £ P is a predicate and to, ... , t^-i are terms. If p is a program 
(constraint) predicate, then an atom with p as predicate is a program 
(constraint) atom. 

A goal statement is a conjunction of program atoms or constraint 
atoms. A constraint is a conjunction of constraint atoms. 
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3.3 Interpretations 

Interpretations depend on a language's signature. They are formalized as 
^-structures X — (D,P,F) where 

• D is a non-empty set called the domain of the interpretation. 

• P is a function mapping every fc-ary predicate in P to a subset of 
D fc . P maps true to true = {()}, false to false = {}, and = to 
{{a, a) | a € D}. 

• F is a function mapping every functor / in F to a function mapping 
each fc-ary functor in F to a k-adic function in D fc —¥ D. 

3.4 Denotations 

An interpretation (D, F, P) determines a function M mapping variable- 
free terms to their denotations, as follows: 

• M(t) = F(t) € D if t is a constant 

. M(/(t , • • ■ , tfc-i)) = (F(/))(M(to), . . . , M(t fc _i)) for fc > 

• A ground atom p(io, • • • , tfc-i) is true in an interpretation iff 
(M(to), • • • , M(tfc_i)) e P(p) We give denotations of non-atomic 
formulas later, via relations. 

We now consider denotations of terms and atoms that contain vari- 
ables. Let A be an assignment, which is a function in V — ► D, assigning 
an individual in D to every variable. (In other words, A is a tuple of ele- 
ments of D indexed by V). As denotations of formulas with free variables 
depend on A , we write tA A . 

• M A {t)=A(t) iitsV 

• M A (f{t ,...,t k -i)) = 
(F(f))(M A (t ), M^(t fc _i)) for k > 0. 

• An atom p(to, ■ ■ ■ , tk-i) is true in an interpretation iff 

(Mx(td),...,M^(t k .i))6P(p) 

We give denotations of non-atomic formulas later, via relations. 

The existential closure 3a^o, • • • ,x n -i of a set C of atoms is true in an 
interpretation iff there is an assignment A such that ~M. A {A) — true for 
every atom A £ C. 

Definition 3 Let Xc C V be the set of the free variables in formula C. 
R{C), the relation denoted by C, given the interpretation determining 
Ma, is defined as 

^(C) = {-^ I Xc | A is an assignment and M A (C) = true}. 

By A I Xc we mean the function A : V — > D restricted to arguments in 
X c C V. 

Thus R(C) consists of tuples indexed by variables. R allows us to 
translate between algebraic expressions in terms of relations and formu- 
las of logic. This is useful because the results in constraint satisfaction 
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problems are expressed in terms of relations, whereas the constraint logic 
programming scheme is expressed in terms of first-order predicate logic. 

We have of course R(true) — M(true) = true; also R(false) — NL(false) = 
false. More interestingly, we may have R(Ci A C 2 ) = R(C\) PI R(C 2 ) and 
R(Ci VC 2 ) = R{Ci) U R(C 2 ). But these hold only when Ci and C 2 have 
the same set of variables. As this is not always the case, we also need to 
define R(Z,C), where Z is a set {z±, . . . zn} of variables containing Xc, 
the set of the free variables of C: 

Definition 4 

R{Z, C) — {A i Z I A is an assignment and Ma(C) = true}. 

Definitions ([3]) and Q were suggested by a similar device first brought to 
our attention by [5]. The version here is modified to allow translations of 
a wider class of formulas. Their advantage is that of simplicity compared 
to other systems of algebraic logic such as |14j . 

R(Xc,C) = R(C) 
R(X Cl U Xc 2 , Ci A C 2 ) = R(X Cl ux C2 ,d)n R(X Cl U Xc 2 , c 2 ) 
R(X Cl U Xc 2 , Ci V Ci) = R(X Cl U Xc 2 , Ci) U J?(^ Cl U A-c 2 , C 2 ). 

To be able to interface the CLP scheme, expressed in terms of predicate 
logic formulas with CSPs, expressed in terms of relations, we will use the 
following lemma. 

Lemma 1 R{X Cj U Xc 2 , C\ A C2) = R(C\) X R(C 2 ). 

3.5 Logical implication 

In the usual formulation of first-order predicate logic we find the notation 
T \= S for the sentence S being logically implied by sentence T, where 
"sentence" means closed formula. The meaning of the implication is that 
S is true in all models of T. The denotations just defined allow logical 
implication to be generalized to apply to formulas that have free variables 

m- 

Definition 5 Let S and T be formulas and let Z be the set of variables 
occurring in them. Then we write T \= S to mean that in all interpreta- 
tions R(Z,S) C R(Z,T). Likewise, T \= R(Z,S) C R(Z,T) means that 
R(Z,S) C R(Z,T) holds in all models ofT. 

4 Review of the CLP scheme 

The CLP scheme is based on the observation that in logic programming the 
Herbrand base can be replaced by any of many other semantic domains. 
Hence the scheme has as parameter a tuple C,T), where E is a 

signature, I is a E-structure, £ is a class of E-formulas, and T is a first- 
order E-theory. These components play the following roles. E determines 
the relations and functions that can occur in constraints. X is the structure 
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over which computations are performed . C is the class of constraints 
that can be expressed. Finally, T axiomatizes properties of T. 

Derivations in the CLP scheme are defined by means of transitions 
between states. A state is defined as a tuple (G, A, P) where the goal 
statement G is a set of atoms and constraints and A and P are sets of 
constraint^. Together A and P form the constraint store. The constraints 
in A are called the active constraints; those in P the passive constraints. 

The query Q corresponds to the initial state (Q,0, 0). A successful 
derivation is one that ends in a state of the form (ty,A,P). 

The role of A and P in this formula is to describe the answer to the 
query Q. A A P is CLP's generalization of Prolog's answer substitution. 
It describes an answer, if consistent. Such an answer may not be useful, 
as P may still represent a difficult computational problem. All that the 
derivation has done is to reduce the program atoms to constraint atoms, 
directly or indirectly via program atoms. Derivations also transfer as 
much as possible the computational burden of the passive constraints P 
to the easily solvable active constraints A. 

4.1 Operational semantics 

A derivation is a sequence of states such that each next state is obtained 
from the previous one by a transition. There are four transitions, — > r , 
— Y c , — U, and — >- s : 

1. The resolution transition — > r : (G U {a},A,P) -+ r (G U 
B, A, P U {si = ti, ■ ■ ■ , s n = t n }} if a is the atom selected out of G U {a} 
by the computation rule, h <— B is a rule of V, renamed to new variables, 
and h = p(ti, . . . , t n ) and a = p(si, . . . , s„). 

{G U {a}, A, P) — v fail is the transition that applies if a is the atom 
selected by the computation rule, and, for every rule h <— B in V , h and 
a have different predicate symbols. 

2. The constraint transfer transition H» c : {G U {c}, A, P) 
{G, A, P U {c}) if constraint c is selected by the computation rule. 

3. The constraint store management transition — ^ : {G. A. P) — h 

(G,A',P') 

if (A',P'} = mfer(A,P). 

4. The consistency test transition — > s : (G,A,P) — (G,A,P) 
if A is consistent; 

(G, A, P) — 7> s fail otherwise. 

1 I is a structure consisting of a set D of values (the carrier of the structure) together 
with relations and functions over D as specified by the signature S. For example, there is a 
complete ordered field that has TZ, the set of real numbers, as carrier. 

2 We will often regard A and P as formulas. Then they are the conjunctions of the atoms 
they contain. 
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4.2 Logic semantics 

For the logic semantics of the CLP scheme we follow [9]. 

Theorem 1 (soundness) Whenever we have a successful derivation from 
query Q resulting in P and A as passive and active constraints we have 
V, T \= R(3(P A A)) C R(Q), where the quantification is over the free 
variables in PA A that do not occur free in Q. Note Definition^ for "\=". 

Theorem 2 (completeness) Let Q be a query with variables Xq. If 
V,7~ \= R(Xq,F) C R(Q) for a constraint atom F, then there are k 
successful derivations from Q with answer constraints T\, . . . ,Fk such that 

T\=R{x Q ,v) c i?(;tQ,ri)u---ui?(AQ,r fc ). 

For credits see [S]. 

5 Constraint Satisfaction Problems 

Constraint Satisfaction Problems (csps) can be defined as a framework 
to cover a variety of specific situations, each exploiting an algorithmic op- 
portunity. For example, the CSP framework can be instantiated to graph- 
colouring problems exploiting an efficient algorithm for the all-different 
constraint based on matching in bipartite graphs. It can also be instanti- 
ated to the solution of arithmetical constraints over real-valued variables 
using efficient algorithms and hardware for floating-point intervals. It is 
for this latter instantiation that we are interested in CSPs. But before 
describing it, first the general framework. 

5.1 CSPs according to Apt 

K. Apt was early in recognizing [2] that CSPs can be defined rigorously, 
yet in such a way as to be widely applicable. The following definition is 
distilled from [2j[5], and uses his notation. 

Definition 6 A CSP {X,T>,C) consists of a sequence X — (xi, . . . , x„) 
of variables, a sequence T> — (D±, . . . , D n ) of sets called domains, and a 
set C = {ci, . . . , Cfe} of constraints. Each constraint is a constraint on a 
subsequence of X. An n-tuple (di, . . . ,d n ) £ D\ X • • • X D n is a solution 
to (X,T>,C) iff for every c £ C on a sequence of variables {x^, . . . , X% m ) 
from X we have (di 1 , . . . , di m ) £ c. 

In this definition X is probably intended to consist of n different variables. 
Once that condition is assumed, X need not be a sequence, but can be a 
set without further qualification. 

Example 3 To see Apt's definition at work, consider the following ex- 
ample. X — (xi,X2,X3,Xi), T> — (J\T,N,N,N), and C = {ci,C2}. Con- 
straints c\ and C2 are on {x2,X2,xi) and (x^, xa, xi), respectively. To 
determine some of the solutions we construct Tabled 

The table for c\ is constructed according to the rule £2+2:2 = x\\ for C2 
the rule is xz + £4 = xi . In Definition [6] a constraint remains a black box: 
there is no opportunity to specify a rule according to which the tuples 
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Table 2: Table for ExampleE] illustrating solution according to Apt's definition. 



are constructed. This omission can be a disadvantage, as is seen in the 
important type of discrete CSP that can be viewed as a graph-colouring 
problem. In practical applications such CSPs have a small domain, con- 
sisting of the "colours". At the same time they have a large number of 
variables and a large number of constraints, both numbers running in the 
thousands. Yet all these constraints have an important property in com- 
mon: they derive from the "all different" constraint that requires that no 
two of their arguments have the same value. 

The remedy for this problem was prepared by Definition [T] which is 
used in our alternative Definition [7] for CSP. If the definition of CSP in- 
cluded a language for expressing constraints, then these expressions would 
clarify the connection between ci and C2. For example, sum(x2, £2, x\) 
would be a good expression for ci and sum(i3,i4,ii) for C2. 

Predicate logic is a potential candidate for a formal constraint lan- 
guage. To realize this potential we modify Apt's definition to obtain the 
definition given in the following section. To be able to interface the solv- 
ing algorithm for CSPs with the CLp/dc scheme, we modify the algorithm 
also. In the section after that we define how predicate logic can be used 
as the constraint language. 

5.2 A modified definition of CSPs 

Definition 7 A Constraint Satisfaction Problem (CSP ) consists of a fi- 
nite set X = {x\, . . . , x n } of variables, a finite set C = {ci, . . . , c m } of 
constraints, each of which is a relation over a sequence of elements of X 
in the sense of Definition^ With each variable x% is associated a universe 
Di, which is the set of values that Xi can assume. A solution of a CSP 
is an assignment to each variable Xi of an element of Di such that each 
constraint in C is satisfied. 
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Apparently, the solution set of a CSP with set X of variables is a 
relation on X in the sense of Definition \T\ A compact characterization of 
the solution set can be given as follows. 

Lemma 2 The solution set equals ci M • • ■ M Cm where X is as in Defini- 
tion^ 

For certain CSPs it is practical to enumerate the solutions. In other 
cases the solution set, though finite, is too large to be enumerated. And 
it may be the case that the solution set is uncountable; moreover its 
individual solution tuples may consist of reals that are not computer- 
representable. 

Thus it is often necessary to approximate the solution set. A conve- 
nient form is that of a Cartesian product D\ X • • ■ X D n that is contained 
in Di x ■ ■ ■ x D„. Such an approximation has the property that Xi Di 
for any i 6 {1, . . . ,n} ensures that {xi, . . . , x n ) is not a solution. Making 
Di , . . . , D n as small as possible gives us as much information about the 
solution set as is possible for approximations of this form. 

Di is called the domain for Xi for i £ {1, . . . , n}. We need to ensure 
that the subsets Di of D; are computer-representable. This may not be 
a restriction when Di is finite and small. It is when Di = TZ. In general 
we require that the subsets of Di that are allowed as Di include Di itself 
and are closed under intersection. We call such subsets a domain system. 

Lemma 3 Given sets D±, . . . , D„, each with a domain system and S C 
Di x ■ ■ • x D n . There is a unique least Cartesian product of domain system 
elements containing S. 

Definition 8 Given sets D%, . . . ,D n , each with a domain system and 
S C D\ x ■ ■ ■ x D n . The least Cartesian product of domain system elements 
containing S, which exists according to Lemma\3\ is denoted OS. 

With each constraint there is associated a domain reduction operation 
(dro), which is intended to reduce the domains of one or more variables 
occurring in the constraint. 

Definition 9 Given a CSP and a relation p C Di 1 x ■ ■ ■ x Di k . Let 

constraint c be a relation p on (xi x , . . . , Xi k ) A domain reduction operation 
(dro ) for c is a function that maps Cartesian products Di 1 x ■ • ■ x Di k C 
Di 1 x ■ • ■ x Di k to Cartesian products of the same type. The map of the 
function is given by D il x ■ ■ ■ x D ik h-> D' t x ■ ■ ■ x D[ k where D\ x x • • • x D' ik 
satisfies 

□ ((Ai x ■■■ x DijHp) C D' n x ■■■ x D' ik C D ix x ■■■ x D ik . 
If the left inclusion is equality, then we call the DRO a strong one. 

This operation was introduced by ^7! under the name "narrowing". 
The intended application had intervals for the domains, hence the name. 

Note that domains are reduced only by removing non-solutions. As one 
can see, DROs are contracting: if they do not succeed in removing anything, 
they leave the domains unchanged. Strong DROs are idempotent: multiple 
successive applications of the same DRO have the same effect as a single 
application. 

Success of the constraint satisfaction method of solving problems de- 
pends on finding efficiently executable strong DROs. 
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5.2.1 Constraint Propagation 



Definition 10 A computation state of a CSP is Di x ■ • ■ x D n where 

Di C Di is a domain and is associated with Xi, for i = 1, , n. 

A computation of a CSP is a sequence of computation states in which each 
(after the initial one) is obtained from the previous one by applying the 
DRO of one of the constraints. 

The limit of a computation is the intersection of its states. 
A fair computation of a CSP is a computation in which each of the con- 
straints is represented by its DRO infinitely many times. 

Fair computations have infinite length. However, no change occurs from 
a certain point onward (domain systems have a finite number of sets). 
By the idempotence of strong DROs, this is detectable by algorithms that 
generate fair computations, so that they can terminate accordingly. 

Theorem 3 J3J? The limit of a fair computation of a CSP is equal to the 
intersection of the initial state of the computation with the greatest fixpoint 
common to all DROs. 

For a given CSP the intersection of the states of any fair computation 
only depends on the initial state. It is therefore independent of the com- 
putation itself. Apparently the CSP maps the set of Cartesian products to 
itself. It is a contracting, idempotent mapping. 

Lemma 4 Let D be the initial state of a fair computation of a CSP. Then 
the limit of the fair computation contains the intersection of D with the 
solution set. 

Definition 11 The transition from the initial state of a computation to 
the limit of that computation is called constraint propagation. 

The reason for the name is that the effect of a DRO application on a 
domain may cause a subsequent DRO applications to reduce other domains. 

5.2.2 Enumeration 

Constraint propagation only goes part way toward solving a CSP: it results 
in a single Cartesian product containing all solutions. In general this single 
Cartesian product needs to be split up to give more information about 
any solutions that might be contained in it. This is what enumeration 
does. 

Before a more precise definition, let us sketch the solving process by 
means of the CSP arising from a graph-colouring problem. In case con- 
straint propagation yields an empty domain in the computation state, the 
solving process is over: absence of solutions has been proved. Suppose 
the resulting computation state does not have an empty domain. We only 
know that any solutions that may exist are elements of the Cartesian prod- 
uct of the domains. If all domains are singletons, then the corresponding 
tuple is a solution. If not, one enumerates a domain with more than one 
element (say, the smallest such). In turn, for each element in that do- 
main, one assumes it as the value of the variable concerned and leaves the 
other domains unchanged. To the smaller CSP thus obtained, one applies 
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constraint propagation. This may, in turn, require enumeration; and so 
on. 

To make the idea applicable to the case where there are infinite do- 
mains, we split a domain instead of enumerating it. Then it works as 
above if the domains are countable. 

To split an uncountable domain, then we need the property that the 
domain system is finite. Splitting is restricted to producing results that 
belong to the domain system. This implies that only a finite number of 
splits are possible. In case of an uncountable domain it is not in general 
possible to identify solutions. 

Enumeration yields tuples consisting of domains that are as small as 
the domain system allows that together contain all solutions, if any exist. 
And of course solving the CSP results in eliminating almost all of the 
Cartesian product of the initial domains as not containing any solutions. 

Enumeration algorithm 

To enumerate computation state S: 

If a domain is empty, then halt. 

If one of the domains is a singleton, 

then substitute the element as value of the corresponding variable 
and construct the computation state S' with that variable eliminated. 
Enumerate S'. 

else split a domain d into domain system elements do and di . 

Construct computation states Si by replacing d in S by di, for i — 0, 1. 
Enumerate So; Enumerate Si. 

Often too many enumeration results are generated. Sometimes the 
domain system comes with a suitable notion of adjacency so that adja- 
cent enumeration results can be consolidated into a single one. Such a 
consolidation may trigger further consolidations. 

6 The Domain Constraint subscheme of 
the CLP Scheme 

The CLP scheme is open-ended: it is basically a scheme for using Horn- 
clause rules to generate a multitude of constraint-satisfaction problems. 
The parameters of the scheme allow a great variety of useful algorithms 
and of data-types for these to act on. A first step in reducing the vast 
variety of options is CLp/dc, the domain-constraint subscheme of the CLP 
scheme. We define CLp/dc by visiting first the parameters C,T), 
and then the transitions of the CLP scheme. 

6.1 The parameters 

S: Some domains are such that individual elements may not be repre- 
sentable in a computer, if only because there are infinitely many of them. 
Satisfactory results can still be obtained by designating a finite set of 
subsets of the domain that are computer-representable. To accommodate 
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these the signature E includes a unary representability predicate for each 
of these subsets. 

X: the domain component D of the E-structure I has to admit a 
domain system: a finite set of subsets of D that includes D and is closed 
under intersection. 

C: the language of constraints consists of conjunctions of atomic for- 
mulas. 

T: the theory giving the semantics of the constraints links unary rep- 
resentability predicates to representable subsets of D. This is done in 
part by clauses describing the effects of the DROs. In Definition [9] let the 
constraint c be r(xi 1 , ■ ■ ■ , Xi k ). Then the clauses describing the dro of c 
are 

dj(xij) «- d 1 (x il ), ■ • • , dk{xi k ),r{xi 1 , . . . ,Xi h ) (1) 

for j = l,...,k. Further details depend on the instance concerned of 
CLP/dc. The idea of expressing the action of a DRO in the form of an 
inference rule is due to [2] . This is closely related to the inclusion of an 
implication like the one above in a theory. 

6.2 The transitions 

The — > r and — > c transitions: These only serve to transform goal atoms 
into constraint atoms, and are needed unchanged in the CLp/dc sub- 
scheme. 

The — >i transition: In the CLP scheme this transition is intended to 
accommodate any inference that transfers the burden of constraint from 
the passive constraints P to the efficiently solvable active constraints A. 
In the CLp/dc subscheme such inference is restricted to those forms that 
leave P unchanged: the information contained in them is only used to 
strengthen the active constraints A. Moreover, A is restricted to the 
form {di(a;i), . . . ,d n (x n )} where each variable in the passive constraint 
P occurs exactly once and where {di, . . . , d n } are unary representability 
predicates. 

As P is the unchanging conjunction of the constraints, we refer to 
it as G in the clp/dc subscheme. As A = {di(Xi), . . . , d n (X n )} only 
states of each of the variables that it belongs to a certain domain we re- 
fer to it as D in the clp/dc subscheme. As a result of these renamings 
we have a close relationship between CSP and clp/dc: G and D in CSP 
and in clp/dc are counterparts of each other. As a result of these restric- 
tions and renamings, the constraint store management transition becomes 
<G, D, C) ->•< <G, D', C) if {D', C) = mfer(D, C). 

The infer operation is performed by setting up a CSP with an initial 
state and determining the limit of the fair computations from the initial 
state. This limit is then the D' in (£>', C) = mfer(D,C). 

The CSP that implements infer in this way has the following compo- 
nents. 

1. The variables are those that occur in the passive constraint G. 

2. The universes over which the variables range are equal to each other 
and to D. 
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3. If a constraint atom Cj of CLp/dc is r(xi 1 , . . . , Xi k . ), then the corre- 
sponding constraint of the CSP is p, the meaning of r, on (xi 1 , . . . , Xi k _ }, 
with "on" as in Definition [T] 

4. If the active constraint is {di(xi), . . . , d„(x„)}, then the initial com- 
putation state in the CSP is D\ x • ■ • x D n with Di = {x £ ~D \ di(x)}, 
for i = 1, ... ,n. 

In the CSP thus obtained a fair computation is constructed with limit 
D'x x • • • X D' n . These domains are then used to determine the active 
constraint D' = {d[(xi), . . . ,d' n (x n )}, where the di are obtained from 
Dl = {x £ D | <(a;)}, for i = 1, . . . , n. 

In this way CSP computations can be used in CLp/dc. 

The — > 3 transition: In the CLP scheme this transition checks as best 
as it can whether P A A is consistent. In the CLp/dc subscheme no 
attempt is made to check C for consistency. It does this only for D — 
di(xi) A • • • A d n (x) and this is simply a check whether any of the di is the 
predicate for the empty subset of D. 

Lemma 5 The existence of a successful derivation implies that C,T \= 
R(C)cR(Q). 

Proof 1 By theorem Q] we have C,T \= R(C A D) C R(Q) and we have 
C,T^R(C)cR(D). 

7 Interval constraints 

We have used in Section [4] the CLP scheme as starting point. To establish 
the direction in which to proceed, we identified in Section [S] a desirable 
point outside of logic programming: the CSP paradigm. Here are to be 
found useful algorithms for computational tasks of interest. These range 
from the "most discrete" such as graph colouring to the "most continuous" 
such as solving non-linear equalities and inequalities over the reals. 

After thus establishing a line along which to travel, we went back in 
Section [S] to establish a subscheme of the CLP scheme, that of the domain 
constraints, to emulate within logic the main features of the CSP paradigm. 

It is now time to declare our main interest: real valued variables rather 
than discrete ones. It so happens that there is a real- variable specialization 
of the CSP paradigm, interval constraints, and it will be useful to take an 
excursion from logic again and review this next. 

We are interested in CSPs with the following characteristics. The vari- 
ables range over the reals; that is, all universes Di, . . . , D n are equal to 
the set 1Z of reals. The domain system is that of the floating-point in- 
tervals. The constraints include the binary < and the ternary sum and 
prod. The reason is that these have strong DROs that are efficiently com- 
putable. Strong DROs are also available for =, max, abs, and for rational 
powers. For the constraints corresponding to the transcendental functions 
DROs are available that are idempotent, but not strong. The definition of 
"strong" requires them to be the least floating-point box containing the 
intersection of the relation with the argument box. That the dro is not 
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strong has to do with the difficulty of bounding these function values be- 
tween adjacent floating-point numbers. But DROs closely approximating 
this ideal are used in some systems 16 . 

Let us consider an example of a dro for use with real-valued variables 
constrained by the relation 

sum = {{x, y, z) £ 1Z \ x + y — z). 

Suppose the domains for x, y, and z are [0,2], [0,2], and [3,5]. Clearly, 
neither x nor y can be close to 0, nor can z be close to 5. Accordingly, 
when this DRO is applied, these intervals are reduced to [1,2], [1,2], and 
[3,4]. 

The numbers 1 and 4 arise by computing 3 — 2 and 2 + 2. Here no 
rounding errors were made. This is exceptional. Let us now consider the 
case in which the initial intervals are scaled down by a factor of ten to 
[0.0,0.2+], [0.0,0.2+], and [0.3", 0.5+]. Here 0.2+ is the least floating- 
point number not less than 0.2, and similarly for the other superscripts. 
Now the corresponding operations 0.3" — 0.2+ and 0.2+ + 0.2+ do incur 
rounding errors. 0.3" — 0.2+ is evaluated to a floating-point number we 
shall name 0.1 ; similarly, 0.2+ + 0.2+ is evaluated to 0.4++, so that 
the DRO gives the intervals [0.1 — ,0.2+], [0.1"" , 0.2+], and [0.3",0.4++] 
for x, y, and z, respectively. Here 0.1 may equal 0.1" or (0.1")". The 
decimal equivalents of the binary floating-point numbers computed here 
are so lengthy that users are neither willing to write nor to read them, 
so that further containment precautions are called for on (decimal) input 
and output. 

In this way single arithmetic operations find their counterpart in inter- 
val constraints. To give an idea of how the arbitrarily complex arithmetic 
expressions in nonlinear equalities and inequalities are translated to in- 
terval constraints consider the equation 1/x + 1/y — 1/z relating the 
resistance z of two resistors in parallel with resistances x and y. Con- 
straint processing is not directly applicable when, as we assume here, we 
only have DROs for sum and inv. We therefore convert the equation to 
the equivalent form 

3u, v, w £ 1Z. inv(x, u) A inv(y, v) A inv(z, w) A sum(u, v, w). 

Accordingly, the equation is translated to a CSP with X — {x, y, z, u, v, w) 
and C = {inv(x, u),inv(y, v),inv(z, id), sum(u, v, w)}. 

In numerical CSPs we can conclude, according to Theorem [4j that 
the solution set is empty when the limit of the computation is empty. 
However, a nonempty limit can still coexist with an empty solution set. 

It is possible to develop DROs for complex expressions such as 1/x + 
1/y — 1/z jo\. It is useful to know that this paper is antedated by the 
technical report version of [TJ. 

8 CLP/NCSP: the CLP/DC subscheme 
with a numerical CSP 

In Section [6] we described how the open-ended CLP scheme is narrowed 
down to the domain-constraints subscheme CLp/dc. In this section we 
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take a step further in this direction to obtain a subscheme suitable for 
numerical computation. We do this by following the specification in Sec- 
tion [5] 



8.1 The hierarchy of theories 

E: The signature contains the language elements needed for the usual 
theory of the real numbers: constants including and 1; the unary func- 
tion symbol — ; the binary function symbols +, — , *, and /; the binary 
predicates < and >. To these we add: 

• A unary representability predicate d a ,b for every floating-point inter- 
val in a given floating-point number system. For the IEEE-standard 
double-length floating-point numbers this means in the order of 2 127 
unary predicates. Not a mathematically elegant signature, but a 
finite one. 

• Ternary predicates sum and prod. 



I: the domain component D of the E-structure I is the set 1Z of 
real numbers. The domain system consists of the floating-point inter- 
vals, which are sets of reals. The floating-point intervals include 1Z itself 
and are closed under intersection, so include the empty interval. 
T: to the axioms of the usual theory of the reals we add: 

Vx. [d_oo,6(x) o x < b] for every floating-point number b 

Vx. [d a ,b(x) o a < x,x < b] for every pair of Apt numbers such that a < b 

Va;. [d a ,+oa(x) «-> a < x] for every floating-point number a 

Vx,y,z. [sum(x,y,z) o x + y — z] 



We refer to the resulting theory as 7i . The only difference with the usual 
axiomatization of the reals is that meanings are established for the newly 
introduced predicates. 

The effect of the dro of a constraint is described in clauses as in 
equation [T] in Section [5] For each of the atomic constraints in the passive 
constraint C this causes clauses to be added to 71. We call the resulting 
theory Ti- 

Theorem 4 Let C be the passive constraint, let D be the initial active 
constraint, and let D[ , . . . , D' m be the active constraints corresponding to 
the results of a CSP enumeration starting with initial constraint corre- 
sponding to D and constraints corresponding to C. Then Ti \= R(CAD) C 
[RW) U ■ ■ ■ U R(D' m )}. 

It would be more convincing if we could assert that T (= R(C A D) C 
[R(D[) U ■ • ■ U R(D' m )], as T is the usual theory of the reals, without 
computer-related artifacts. This is not possible, as R(C) and R(D) con- 
tain constraint predicates and these do not occur in 7". However, all 
axioms that are in 7~2 and not in T are logical consequences of 7~. 

Proof 2 Every application of a DRO corresponds to an inference with one 
of the rules in 75 of the form of Equation ifTJ], 
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It is now time to look at examples of what we can do with the tools 
developed so far. The first two examples concern a polynomial in a single 
real variable and represent it by a term p in the variable x. In these 
examples the problem is stated in a single constraint, so only uses a part 
of the CLP paradigm. The third example is a toy design problem. Here 
the CLP paradigm is fully exercised: multiple derivations are generated, 
each of which is potentially a significant numerical CSP. 

8.2 Semantics of solving numerical inequalities 

Consider the problem of determining where the given polynomial is non- 
positive. This corresponds to the constraint p < 0. In 72 we can translate 
p < to a set C of constraints. For example, if p is x * (x — 2) we have in 

r 2 

Mx[x * (x — 2) = O 3v, w. sum(v, 2, x) A prod(x, v, w) A w < 0] 

so that we have the constraint T equal to {sum(v, 2, x)Aprod(x, v, w)Aw < 
0}. A highly complex p will give rise to a C with many atoms and many 
variables. 

Soundness (theorem[4]) implies that the active constraints in the answer 
constraint for this problem CLp/ncsp contains all intervals in which p 
is zero or negative. Completeness implies that whenever we have for a 
constraint T that 

T 2 |= R{T) C R(p < 0) (2) 

there are m > derivations ending in anwer constraints Ti, . . . , P m such 
that 75 |= -R(r) C -R(Ii) U ■ ■ ■ U R(T m ). We cannot replace Equation (gj) 
by 75 H R(p — 0) 7^ 0- This would be reducible to the problem of deciding 
equality between two reals, a problem shown to be unsolvable Q]. 

8.3 Semantics of equation solving 

A well-known numerical problem that can present computational difficul- 
ties is the one of determining R(p — 0). 

Theorem U shows that the active constraints in the answer constraint 
for this problem CLp/ncsp contain all zeroes of the polynomial. It also 
shows that in case of finite failure the polynomial has no zeroes. The 
possibility remains that finite failure does not occur, yet there are no 
zeroes. This is unavoidable. The problem of deciding whether Ti \= 
R(p = 0) = reduces again to the problem of deciding equality between 
two reals. The best we can hope for is attained here: showing emptiness 
or finding small intervals in which all solutions, if any, are contained. 

Completeness (Theorem [2]) has nothing to say about this problem: it 
is rare for a polynomial p to make 7~2 \= R(T) C R(p = 0) true for non- 
empty R(T). With respect to Ti the set R(p — 0) is a finite set of reals, 
and it is rare for these to be a floating-point number. For most p, the 
least R(T) containing containing any root of it is an interval of positive 
width. 
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Conventional numerical computation produces single floating-point 
numbers that are intended to be near a solution, and mostly are. Some- 
times they are not, and one cannot tell from the program's output. Inter- 
val arithmetic and numerical CSPs improve on this by returning intervals 
that contain the solutions, if any, and by failing to return any intervals 
in which it is certain that no solutions exist. CLp/ncsp improves on this 
by giving a logic semantics, of which Theorem [4] is an example. However, 
interval arithmetic and interval constraints are limited in that they only 
solve a single CSP. A more important advantage of CLp/ncsp is that, in 
addition to solving CSPs, it automates the generation of the multiple CSPs 
that are often required in scheduling and in engineering design. We close 
by giving an example of this mode of operation. 

8.4 A toy example in CLP/NCSP 

Consider an electrical network in which resistors are connected to each 
other. The network as a whole has a certain resistance. We have available 
twelve resistors; three each of 100, 150, 250, and 500 ohms. From this 
inventory we are to build a network that has a specified resistance so that 
it can function as part in a larger apparatus. Fortunately there is a certain 
latitude: the resistance of the resulting network has to lie between 115 
and 120 ohms. The structure of the network is not given. This is a design 
problem in addition to being a computational problem. 

Even with the dozen components given in this problem there is a large 
number of ways in which they can be connected. We can nest parallel 
networks inside a series network, or the other way around, to several 
levels deep. Evaluation of each such combination requires a non-negligible 
amount of computation involving real-valued variables. The search space 
is sizable, hence the importance of constraint propagation to eliminate 
most of it. 

Let us imagine for CLp/ncsp a Prolog-like syntax. Please do not be 
misled by the type writer-like font into believing in an implementation: 
none exists. The figures given in the example are for illustration only and 
are chosen to be merely plausible. 

According to CLP bodies of clauses contain both constraint atoms and 
program atoms. We separate them with a semicolon: the constraints, 
if any, come first. Instead of writing d a ^(x) for the domain constraints, 
we write for ease of typing <a|X|b> in the style of Dirac's bra and ket 
notation. When a is infinite, we write -inf; this is a single mnemonic 
identifier, denoting that particular floating-point value. Similarly for b 
and inf or +inf. We omit constraints like <-inf |X|+inf>, which do not 
constrain their argument. 

The predicate netw(A,N.B,R>PL) asserts that network represented by 
N connects terminals A and B, has resistance R, and has parts list PL. The 
term N can be at(X) for an atomic network, which is in this case a single 
resistor; it can be ser(Nl,N2), for two networks in series, or par(Nl,N2), 
for two networks in parallel. 

1: netw(A,at(R) ,B,R, (rl50:l) .nil) 
:- <149.9|R|150.1>; . 
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7, Similarly for 100, 250, and 500 ohms. 
2: netw(A,ser(Nl,N2) ,C,R,PL) 
:- sum(Rl,R2,R) ; 

netw(A,Nl,B,Rl,PLl) , netw(B,N2,C,R2,PL2) , 
merge (PL1.PL2, PL) . 
3: netw(A,par(Nl,N2) ,B,R,PL) 

:- inv(R,RR) ,inv(Rl,RRl) ,inv(R2,RR2) , sum(RRl ,RR2 ,RR) ; 
netw(A,Nl,B,Rl,PLl) , netw(A,N2,B,R2,PL2) , 
merge (PL1.PL2, PL) . 

Clause 1 says that the network can be atomic, consisting of a single 
resistor with resistance R, represented by the term at (R) . Its parts list is 
a list consisting of a single item rl50: 1, being a resistor of nominal value 
150 ohms in quantity 1. The condition of clause 1 states that the actual 
resistance R, a real variable, belongs to the interval [149 . 9 , 150 . 1] , which 
expresses the tolerance. There are similar clauses to represent the other 
sizes of resistor that are available. 

Clause 2 says the network can be ser(Nl,N2), the series composition 
of two networks Nl and N2 of unspecified structure, with resistance R, 
that satisfies the constraint for the resistance of a serial composition of 
networks: sum(Rl ,R2 ,R) , which means that Ri + R2 — R. 

In clause 3 the constraint means 1/Ri + I/R2 ~ 1/R, which is the 
constraint for resistances Ri and R2 in parallel giving resistance R. 

The predicate merge is left as a black box. Suffice it to know that the 
goal merge (PL1 ,PL2 , PL) merges parts lists PL1 and PL2, which satisfy the 
inventory restrictions, into parts list PL unless the latter does not satisfy 
the inventory restrictions, in which case the goal fails. 

The query 

:- <149.9|R150| 150. 1>, . . . ; 

netw(a, par(at(R150) , ser (at (R500) , par(at(R100) , at(R250)))), b, R, PL). 

succeeds without search to an answer that could include something like 
<117. 1 |R| 119. 3>. The program looks like it has been written with such 
queries in mind. However, as explained below, it also succeeds, though 
with some search, to answer 

:- <115.0|R|120.0>; netw(A,N,B,R,PL) . 

with 

N = par(at(R150) , ser(at(R500) , par(at(R100) , at(R250)))) 

and 

<117.1|R|119.3>, <149.9|R150|150.1>, 

In response to the latter query CLp/ncsp has synthesized a suitable 
network, thereby solving the design problem. It traversed a search space 
consisting of multiple CSPs that was generated by CLP derivations. Many 
of these derivations were cut short by failing CSPs. 

As in the first two examples, the soundness of Theorem[T]guarantees for 
this problem that all networks that are found have a resistance contained 
in the required interval. We noticed that in the case of polynomial roots 
completeness has no interesting consequence. This was true because the 
problem had the form of a single constraint with equality. In the design of 
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a resistor network there is a goal statement with a program atom. It gives 
rise to mutiple derivations. Completeness (theorem^ implies that in case 
a solution exists, derivation are generated to cover the given interval for 
the network's resistance: all solutions are found. 

9 Concluding remarks 

CLP/ncsp only incorporates numerical CSPs into the CLP scheme. Other 
types of CSP such as those dealing with finite domains, can be incorporated 
in the same way. In fact, the CLP scheme is not restricted to including 
special-purpose computation into the logic framework: it has remedies for 
those difficulties that prevented Prolog from being a logic programming 
language. 

Pure Prolog held out the promise of a programming language with 
logical-implication semantics. The impracticality of the occurs check in 
unification and of symbolic implementation of numerical computation 
caused standard Prolog to compromise semantics. In this paper we de- 
scribed a method for including the power of hardware floating-point arith- 
metic without semantical compromise. We should not lose sight of the fact 
that the CLP scheme also has a remedy for the other blemish of standard 
Prolog: compromised unification. As Clark [9] showed, the Herbrand 
Equality Theory, which requires the occurs check, is only one possible 
unification theory for the CLP scheme. It can be replaced by Colmerauer's 
Rational Tree Equality Theory, so that we have the prospect of a fully 
practical programming language with logic-implication semantics. 
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